From f3f6f233ff94c0712c2aa00878a165090a566755 Mon Sep 17 00:00:00 2001 From: AsfaMumtaz Date: Mon, 2 Oct 2023 14:36:39 +0500 Subject: [PATCH 01/22] Update render_task.yaml --- .github/workflows/render_task.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/render_task.yaml b/.github/workflows/render_task.yaml index 2f6cf17..13504e2 100644 --- a/.github/workflows/render_task.yaml +++ b/.github/workflows/render_task.yaml @@ -52,11 +52,12 @@ jobs: - name: Commit Changes run: | + git pull git config --global user.email "stakater@gmail.com" git config --global user.name "stakater-user" git add ${{ inputs.SUBPATH }}/rendered git commit -m "[skip ci] Add rendered and modified Helm chart" - git pull + - name: Push changes uses: ad-m/github-push-action@master From 89f1cd4854defb47ebf31676e218b9cdc7853207 Mon Sep 17 00:00:00 2001 From: AsfaMumtaz Date: Mon, 2 Oct 2023 14:37:43 +0500 Subject: [PATCH 02/22] Update clustertask.yaml --- stakater-buildah/helm/templates/clustertask.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/stakater-buildah/helm/templates/clustertask.yaml b/stakater-buildah/helm/templates/clustertask.yaml index c2242bf..2a58eb8 100644 --- a/stakater-buildah/helm/templates/clustertask.yaml +++ b/stakater-buildah/helm/templates/clustertask.yaml @@ -93,6 +93,7 @@ spec: --tls-verify=$(params.TLSVERIFY) --no-cache \ -f $(params.DOCKERFILE) -t $(params.IMAGE) $(params.CONTEXT) fi + securityContext: privileged: true volumeMounts: @@ -138,4 +139,4 @@ spec: workspaces: - name: source - name: buildah-git-dependency-token - optional: true \ No newline at end of file + optional: true From d20c3adfe83b9e901857e7f7377c45dc8d9db87c Mon Sep 17 00:00:00 2001 From: AsfaMumtaz Date: Mon, 2 Oct 2023 14:38:39 +0500 Subject: [PATCH 03/22] Update clustertask.yaml --- stakater-push-main-tag/helm/templates/clustertask.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
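Review bot: In the `Commit Changes` step of `.github/workflows/render_task.yaml`, `git pull` now runs before `git add`, while the files under `${{ inputs.SUBPATH }}/rendered` (presumably written by an earlier step) are still uncommitted, so the pull aborts whenever the incoming commits touch those same files. The window between this pull and the later push step is also no smaller than before. Committing first and then running `git pull --rebase` immediately before the push keeps the worktree clean and narrows that window. The line that replaces the old `git pull` appears to leave an empty line at the end of the `run: |` block, which can be dropped. The step starts outside the hunk.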
diff --git a/stakater-push-main-tag/helm/templates/clustertask.yaml b/stakater-push-main-tag/helm/templates/clustertask.yaml index f7db7f7..13160cd 100644 --- a/stakater-push-main-tag/helm/templates/clustertask.yaml +++ b/stakater-push-main-tag/helm/templates/clustertask.yaml @@ -41,6 +41,7 @@ spec: echo "Remote URL is not in SSH format: $remote_url" fi else + if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then git config --global user.name tekton-bot git config --global user.email stakater-tekton-bot@stakater.com @@ -92,4 +93,4 @@ spec: will be copied to the user's home before any git commands are run. Any other files in this Workspace are ignored. It is strongly recommended to use ssh-directory over basic-auth whenever possible and to bind a - Secret to this Workspace over other volume types. \ No newline at end of file + Secret to this Workspace over other volume types. From 9b16dad4cac78f4136c053d9bdb8f9eac5f0d6cd Mon Sep 17 00:00:00 2001 From: AsfaMumtaz Date: Mon, 2 Oct 2023 14:42:52 +0500 Subject: [PATCH 04/22] Update stakater_buildah.yaml --- .github/workflows/stakater_buildah.yaml | 184 ++++++++++++------------ 1 file changed, 92 insertions(+), 92 deletions(-) diff --git a/.github/workflows/stakater_buildah.yaml b/.github/workflows/stakater_buildah.yaml index 667b05b..7bd8b9d 100644 --- a/.github/workflows/stakater_buildah.yaml +++ b/.github/workflows/stakater_buildah.yaml 
@@ -13,102 +13,102 @@ on: - 'stakater-buildah/**' jobs: - clustertask-test-run: - name: ClusterTask Test Run on SNO - runs-on: self-hosted - if: github.event_name == 'pull_request' && github.ref != 'refs/heads/main' - - steps: - - name: Check out code - uses: actions/checkout@v3 - with: - fetch-depth: 0 - ref: ${{github.event.pull_request.head.sha}} - - - name: Install CLI tools from OpenShift Mirror - uses: redhat-actions/openshift-tools-installer@v1 - with: - oc: "4" - - # This is used to setup kubeconfig, required by Tilt - - name: Login to cluster - run: oc login --token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) --server=https://kubernetes.default.svc --insecure-skip-tls-verify=true - - - name: Set up Helm - uses: azure/setup-helm@v3 - with: - version: v3.8.2 - - # This is required for login to ghcr helm registry - - name: Login to Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io/stakater - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Install kubectl - uses: azure/setup-kubectl@v3 - with: - version: v1.26.0 - - - name: Install tilt - run: curl -fsSL https://raw.githubusercontent.com/tilt-dev/tilt/master/scripts/install.sh | bash - - - name: Tilt CI - Setup Dependencies - run: tilt ci -f .github/Tiltfile-setup-dependencies - - - name: Tilt CI - Run Clustertask - env: - TEST_GIT_REPO_SECRET: ${{ secrets.TEKTON_CATALOG_ARC_CLUSTERTASK_TOKEN }} - # Token created with stakater-user. Expires on Thu, Jun 29 2023. 
- run: tilt ci -f stakater-buildah/tests/Tiltfile-clustertask - - - name: Tilt down - Clustertask - if: always() - run: tilt down -f stakater-buildah/tests/Tiltfile-delete-clustertask - - - name: Tilt down - Dependencies - if: always() - run: tilt down -f .github/Tiltfile-delete-dependencies --delete-namespaces + # clustertask-test-run: + # name: ClusterTask Test Run on SNO + # runs-on: self-hosted + # if: github.event_name == 'pull_request' && github.ref != 'refs/heads/main' + + # steps: + # - name: Check out code + # uses: actions/checkout@v3 + # with: + # fetch-depth: 0 + # ref: ${{github.event.pull_request.head.sha}} + + # - name: Install CLI tools from OpenShift Mirror + # uses: redhat-actions/openshift-tools-installer@v1 + # with: + # oc: "4" + + # # This is used to setup kubeconfig, required by Tilt + # - name: Login to cluster + # run: oc login --token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) --server=https://kubernetes.default.svc --insecure-skip-tls-verify=true + + # - name: Set up Helm + # uses: azure/setup-helm@v3 + # with: + # version: v3.8.2 + + # # This is required for login to ghcr helm registry + # - name: Login to Container Registry + # uses: docker/login-action@v2 + # with: + # registry: ghcr.io/stakater + # username: ${{ github.actor }} + # password: ${{ secrets.GITHUB_TOKEN }} + + # - name: Install kubectl + # uses: azure/setup-kubectl@v3 + # with: + # version: v1.26.0 + + # - name: Install tilt + # run: curl -fsSL https://raw.githubusercontent.com/tilt-dev/tilt/master/scripts/install.sh | bash + + # - name: Tilt CI - Setup Dependencies + # run: tilt ci -f .github/Tiltfile-setup-dependencies + + # - name: Tilt CI - Run Clustertask + # env: + # TEST_GIT_REPO_SECRET: ${{ secrets.TEKTON_CATALOG_ARC_CLUSTERTASK_TOKEN }} + # # Token created with stakater-user. Expires on Thu, Jun 29 2023. 
+ # run: tilt ci -f stakater-buildah/tests/Tiltfile-clustertask + + # - name: Tilt down - Clustertask + # if: always() + # run: tilt down -f stakater-buildah/tests/Tiltfile-delete-clustertask + + # - name: Tilt down - Dependencies + # if: always() + # run: tilt down -f .github/Tiltfile-delete-dependencies --delete-namespaces next-version: uses: stakater/tekton-catalog/.github/workflows/next_version.yaml@main with: component: stakater-buildah - pull-request: - uses: stakater/tekton-catalog/.github/workflows/pull_request.yaml@main - name: Pull Request - if: ${{ github.ref != 'refs/heads/main' }} - needs: - - next-version - secrets: - REGISTRY_USERNAME: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - with: - CONTAINER_REGISTRY_URL: ghcr.io/stakater - HELM_REGISTRY_URL: oci://ghcr.io/stakater/charts - SUBPATH: stakater-buildah - PUSH_CONTAINER_IMAGE: ${{ needs.next-version.outputs.dockerfile_exists }} - PUBLISH_HEM_CHART: ${{ needs.next-version.outputs.helm_chart_exists }} - NEXT_VERSION: ${{ needs.next-version.outputs.version }} - - push-and-release: - uses: stakater/tekton-catalog/.github/workflows/push.yaml@main - name: Push and Release - if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} - needs: - - next-version - secrets: - REGISTRY_USERNAME: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - with: - CONTAINER_REGISTRY_URL: ghcr.io/stakater - HELM_REGISTRY_URL: oci://ghcr.io/stakater/charts - SUBPATH: stakater-buildah - PUSH_CONTAINER_IMAGE: ${{ needs.next-version.outputs.dockerfile_exists }} - PUBLISH_HEM_CHART: ${{ needs.next-version.outputs.helm_chart_exists }} - NEXT_VERSION: ${{ needs.next-version.outputs.version }} + # pull-request: + # uses: stakater/tekton-catalog/.github/workflows/pull_request.yaml@main + # name: Pull Request + # if: ${{ github.ref != 'refs/heads/main' }} + # needs: + # - next-version + # secrets: + # REGISTRY_USERNAME: ${{ github.actor }} + # REGISTRY_PASSWORD: ${{ 
secrets.GITHUB_TOKEN }} + # with: + # CONTAINER_REGISTRY_URL: ghcr.io/stakater + # HELM_REGISTRY_URL: oci://ghcr.io/stakater/charts + # SUBPATH: stakater-buildah + # PUSH_CONTAINER_IMAGE: ${{ needs.next-version.outputs.dockerfile_exists }} + # PUBLISH_HEM_CHART: ${{ needs.next-version.outputs.helm_chart_exists }} + # NEXT_VERSION: ${{ needs.next-version.outputs.version }} + + # push-and-release: + # uses: stakater/tekton-catalog/.github/workflows/push.yaml@main + # name: Push and Release + # if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} + # needs: + # - next-version + # secrets: + # REGISTRY_USERNAME: ${{ github.actor }} + # REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + # with: + # CONTAINER_REGISTRY_URL: ghcr.io/stakater + # HELM_REGISTRY_URL: oci://ghcr.io/stakater/charts + # SUBPATH: stakater-buildah + # PUSH_CONTAINER_IMAGE: ${{ needs.next-version.outputs.dockerfile_exists }} + # PUBLISH_HEM_CHART: ${{ needs.next-version.outputs.helm_chart_exists }} + # NEXT_VERSION: ${{ needs.next-version.outputs.version }} render-and-replace: uses: stakater/tekton-catalog/.github/workflows/render_task.yaml@main @@ -117,7 +117,7 @@ jobs: needs: - next-version secrets: - STAKATER_GITHUB_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }} + STAKATER_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: SUBPATH: stakater-buildah NEXT_VERSION: ${{ needs.next-version.outputs.version }} From e42f4d0bfa2c59d1d16321d491ac504598c0fe66 Mon Sep 17 00:00:00 2001 From: AsfaMumtaz Date: Mon, 2 Oct 2023 14:46:52 +0500 Subject: [PATCH 05/22] Update stakater_buildah_as_user.yaml --- .../workflows/stakater_buildah_as_user.yaml | 184 +++++++++--------- 1 file changed, 92 insertions(+), 92 deletions(-) diff --git a/.github/workflows/stakater_buildah_as_user.yaml b/.github/workflows/stakater_buildah_as_user.yaml index 35d54d8..bdab511 100644 --- a/.github/workflows/stakater_buildah_as_user.yaml +++ b/.github/workflows/stakater_buildah_as_user.yaml 
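Review bot: The `clustertask-test-run`, `pull-request` and `push-and-release` jobs in `.github/workflows/stakater_buildah.yaml` are switched off by commenting out roughly ninety lines, and neither the file nor the commit message says why or for how long. With them gone only `next-version` and `render-and-replace` remain, so, as far as this hunk shows, nothing in this workflow exercises the task before the rendered output is committed. If this is temporary, a one-line marker above the block such as `# DISABLED <reason, owner, date>: re-enable before merge` is enough. If it is permanent, deleting the jobs is cleaner than keeping a commented copy that still carries `--insecure-skip-tls-verify=true` and a `curl … | bash` install. The first hunk of `stakater_buildah_as_user.yaml` in the next patch does the same.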
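Review bot: `STAKATER_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` under `render-and-replace` now passes the job's automatic token to the reusable workflow under a name that still reads like the dedicated `STAKATER_GITHUB_TOKEN` secret, and no `permissions:` entry is visible that grants it write access. The push in `render_task.yaml` presumably uses this token, so the calling job should declare `permissions:` with `contents: write` rather than rely on the repository default, and a comment such as `# automatic GITHUB_TOKEN; pushes made with it do not trigger other workflows` would record the behaviour change. Because that push step runs `ad-m/github-push-action@master`, a mutable ref, pinning the action to a commit SHA would limit what code can receive the token. The second hunk of `stakater_buildah_as_user.yaml` in the next patch makes the same swap. The job definition starts and ends outside the hunk.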
@@ -13,102 +13,102 @@ on: - 'stakater-buildah-as-user/**' jobs: - clustertask-test-run: - name: ClusterTask Test Run on SNO - runs-on: self-hosted - if: github.event_name == 'pull_request' && github.ref != 'refs/heads/main' - - steps: - - name: Check out code - uses: actions/checkout@v3 - with: - fetch-depth: 0 - ref: ${{github.event.pull_request.head.sha}} - - - name: Install CLI tools from OpenShift Mirror - uses: redhat-actions/openshift-tools-installer@v1 - with: - oc: "4" - - # This is used to setup kubeconfig, required by Tilt - - name: Login to cluster - run: oc login --token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) --server=https://kubernetes.default.svc --insecure-skip-tls-verify=true - - - name: Set up Helm - uses: azure/setup-helm@v3 - with: - version: v3.8.2 - - # This is required for login to ghcr helm registry - - name: Login to Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io/stakater - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Install kubectl - uses: azure/setup-kubectl@v3 - with: - version: v1.26.0 - - - name: Install tilt - run: curl -fsSL https://raw.githubusercontent.com/tilt-dev/tilt/master/scripts/install.sh | bash - - - name: Tilt CI - Setup Dependencies - run: tilt ci -f .github/Tiltfile-setup-dependencies - - - name: Tilt CI - Run Clustertask - env: - TEST_GIT_REPO_SECRET: ${{ secrets.TEKTON_CATALOG_ARC_CLUSTERTASK_TOKEN }} - # Token created with stakater-user. Expires on Thu, Jun 29 2023. 
- run: tilt ci -f stakater-buildah-as-user/tests/Tiltfile-clustertask - - - name: Tilt down - Clustertask - if: always() - run: tilt down -f stakater-buildah-as-user/tests/Tiltfile-delete-clustertask - - - name: Tilt down - Dependencies - if: always() - run: tilt down -f .github/Tiltfile-delete-dependencies --delete-namespaces + # clustertask-test-run: + # name: ClusterTask Test Run on SNO + # runs-on: self-hosted + # if: github.event_name == 'pull_request' && github.ref != 'refs/heads/main' + + # steps: + # - name: Check out code + # uses: actions/checkout@v3 + # with: + # fetch-depth: 0 + # ref: ${{github.event.pull_request.head.sha}} + + # - name: Install CLI tools from OpenShift Mirror + # uses: redhat-actions/openshift-tools-installer@v1 + # with: + # oc: "4" + + # # This is used to setup kubeconfig, required by Tilt + # - name: Login to cluster + # run: oc login --token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) --server=https://kubernetes.default.svc --insecure-skip-tls-verify=true + + # - name: Set up Helm + # uses: azure/setup-helm@v3 + # with: + # version: v3.8.2 + + # # This is required for login to ghcr helm registry + # - name: Login to Container Registry + # uses: docker/login-action@v2 + # with: + # registry: ghcr.io/stakater + # username: ${{ github.actor }} + # password: ${{ secrets.GITHUB_TOKEN }} + + # - name: Install kubectl + # uses: azure/setup-kubectl@v3 + # with: + # version: v1.26.0 + + # - name: Install tilt + # run: curl -fsSL https://raw.githubusercontent.com/tilt-dev/tilt/master/scripts/install.sh | bash + + # - name: Tilt CI - Setup Dependencies + # run: tilt ci -f .github/Tiltfile-setup-dependencies + + # - name: Tilt CI - Run Clustertask + # env: + # TEST_GIT_REPO_SECRET: ${{ secrets.TEKTON_CATALOG_ARC_CLUSTERTASK_TOKEN }} + # # Token created with stakater-user. Expires on Thu, Jun 29 2023. 
+ # run: tilt ci -f stakater-buildah-as-user/tests/Tiltfile-clustertask + + # - name: Tilt down - Clustertask + # if: always() + # run: tilt down -f stakater-buildah-as-user/tests/Tiltfile-delete-clustertask + + # - name: Tilt down - Dependencies + # if: always() + # run: tilt down -f .github/Tiltfile-delete-dependencies --delete-namespaces next-version: uses: stakater/tekton-catalog/.github/workflows/next_version.yaml@main with: component: stakater-buildah-as-user - pull-request: - uses: stakater/tekton-catalog/.github/workflows/pull_request.yaml@main - name: Pull Request - if: ${{ github.ref != 'refs/heads/main' }} - needs: - - next-version - secrets: - REGISTRY_USERNAME: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - with: - CONTAINER_REGISTRY_URL: ghcr.io/stakater - HELM_REGISTRY_URL: oci://ghcr.io/stakater/charts - SUBPATH: stakater-buildah-as-user - PUSH_CONTAINER_IMAGE: ${{ needs.next-version.outputs.dockerfile_exists }} - PUBLISH_HEM_CHART: ${{ needs.next-version.outputs.helm_chart_exists }} - NEXT_VERSION: ${{ needs.next-version.outputs.version }} - - push-and-release: - uses: stakater/tekton-catalog/.github/workflows/push.yaml@main - name: Push and Release - if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} - needs: - - next-version - secrets: - REGISTRY_USERNAME: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - with: - CONTAINER_REGISTRY_URL: ghcr.io/stakater - HELM_REGISTRY_URL: oci://ghcr.io/stakater/charts - SUBPATH: stakater-buildah-as-user - PUSH_CONTAINER_IMAGE: ${{ needs.next-version.outputs.dockerfile_exists }} - PUBLISH_HEM_CHART: ${{ needs.next-version.outputs.helm_chart_exists }} - NEXT_VERSION: ${{ needs.next-version.outputs.version }} + # pull-request: + # uses: stakater/tekton-catalog/.github/workflows/pull_request.yaml@main + # name: Pull Request + # if: ${{ github.ref != 'refs/heads/main' }} + # needs: + # - next-version + # secrets: + # REGISTRY_USERNAME: ${{ 
github.actor }} + # REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + # with: + # CONTAINER_REGISTRY_URL: ghcr.io/stakater + # HELM_REGISTRY_URL: oci://ghcr.io/stakater/charts + # SUBPATH: stakater-buildah-as-user + # PUSH_CONTAINER_IMAGE: ${{ needs.next-version.outputs.dockerfile_exists }} + # PUBLISH_HEM_CHART: ${{ needs.next-version.outputs.helm_chart_exists }} + # NEXT_VERSION: ${{ needs.next-version.outputs.version }} + + # push-and-release: + # uses: stakater/tekton-catalog/.github/workflows/push.yaml@main + # name: Push and Release + # if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} + # needs: + # - next-version + # secrets: + # REGISTRY_USERNAME: ${{ github.actor }} + # REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + # with: + # CONTAINER_REGISTRY_URL: ghcr.io/stakater + # HELM_REGISTRY_URL: oci://ghcr.io/stakater/charts + # SUBPATH: stakater-buildah-as-user + # PUSH_CONTAINER_IMAGE: ${{ needs.next-version.outputs.dockerfile_exists }} + # PUBLISH_HEM_CHART: ${{ needs.next-version.outputs.helm_chart_exists }} + # NEXT_VERSION: ${{ needs.next-version.outputs.version }} render-and-replace: uses: stakater/tekton-catalog/.github/workflows/render_task.yaml@main @@ -117,7 +117,7 @@ jobs: needs: - next-version secrets: - STAKATER_GITHUB_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }} + STAKATER_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: SUBPATH: stakater-buildah-as-user NEXT_VERSION: ${{ needs.next-version.outputs.version }} From 7d46b157cd354b745eb0dcd80bf53dbbd64d4a2b Mon Sep 17 00:00:00 2001 From: AsfaMumtaz Date: Mon, 2 Oct 2023 14:49:18 +0500 Subject: [PATCH 06/22] Update clustertask.yaml --- stakater-buildah-as-user/helm/templates/clustertask.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/stakater-buildah-as-user/helm/templates/clustertask.yaml b/stakater-buildah-as-user/helm/templates/clustertask.yaml index d0af181..3482e56 100644 --- a/stakater-buildah-as-user/helm/templates/clustertask.yaml 
+++ b/stakater-buildah-as-user/helm/templates/clustertask.yaml @@ -72,7 +72,6 @@ spec: - name: WORKSPACE_BUILDAH_GIT_DEPENDENCY_TOKEN_BOUND value: $(workspaces.buildah-git-dependency-token.bound) script: | - echo "Running as USER ID `id`" if [ "${WORKSPACE_BUILDAH_GIT_DEPENDENCY_TOKEN_BOUND}" = "true" ]; then token=$(ls ../buildah-git-dependency-token/) From b985bd33bcda9e6acb18a65c0a0cbf2f2524044b Mon Sep 17 00:00:00 2001 From: AsfaMumtaz Date: Mon, 2 Oct 2023 14:50:09 +0500 Subject: [PATCH 07/22] Update clustertask.yaml --- stakater-buildah/helm/templates/clustertask.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/stakater-buildah/helm/templates/clustertask.yaml b/stakater-buildah/helm/templates/clustertask.yaml index 2a58eb8..f5b02d5 100644 --- a/stakater-buildah/helm/templates/clustertask.yaml +++ b/stakater-buildah/helm/templates/clustertask.yaml @@ -11,6 +11,7 @@ spec: using its buildah bud command.This command executes the directives in the Dockerfile to assemble a container image, then pushes that image to a container registry. + params: - description: Reference of the image buildah will produce. name: IMAGE From c20291483d8ce43f3167e68421ab9ed4964c1897 Mon Sep 17 00:00:00 2001 From: stakater-user Date: Mon, 2 Oct 2023 09:51:58 +0000 Subject: [PATCH 08/22] [skip ci] Add rendered and modified Helm chart --- .../rendered/stakater-buildah-0.0.1.yaml | 145 ++++++++++++++++++ 1 file changed, 145 insertions(+) create mode 100644 stakater-buildah/rendered/stakater-buildah-0.0.1.yaml diff --git a/stakater-buildah/rendered/stakater-buildah-0.0.1.yaml b/stakater-buildah/rendered/stakater-buildah-0.0.1.yaml new file mode 100644 index 0000000..3ca8818 --- /dev/null +++ b/stakater-buildah/rendered/stakater-buildah-0.0.1.yaml 
@@ -0,0 +1,145 @@ +--- +# Source: stakater-buildah/templates/clustertask.yaml +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: stakater-buildah-0.0.1 +spec: + description: >- + Buildah task builds source into a container image and then pushes it to a + container registry. + Buildah Task builds source into a container image using Project Atomic's + Buildah build tool.It uses Buildah's support for building from Dockerfiles, + using its buildah bud command.This command executes the directives in the + Dockerfile to assemble a container image, then pushes that image to a + container registry. + + params: + - description: Reference of the image buildah will produce. + name: IMAGE + type: string + - default: >- + registry.redhat.io/rhel8/buildah@sha256:180c4d9849b6ab0e5465d30d4f3a77765cf0d852ca1cb1efb59d6e8c9f90d467 + description: The location of the buildah builder image. + name: BUILDER_IMAGE + type: string + - default: overlay + description: Set buildah storage driver + name: STORAGE_DRIVER + type: string + - default: ./Dockerfile + description: Path to the Dockerfile to build. + name: DOCKERFILE + type: string + - default: . + description: Path to the directory to use as context. + name: CONTEXT + type: string + - default: 'true' + description: >- + Verify the TLS on the registry endpoint (for push/pull to a non-TLS + registry) + name: TLSVERIFY + type: string + - default: oci + description: 'The format of the built container, oci or docker' + name: FORMAT + type: string + - default: '' + description: Extra parameters passed for the build command when building images. + name: BUILD_EXTRA_ARGS + type: string + - default: '' + description: Extra parameters passed for the push command when pushing images. + name: PUSH_EXTRA_ARGS + type: string + - default: 'true' + description: Flag specifying whether image should be built again. + name: BUILD_IMAGE + type: string + - default: '' + description: Image registry url. 
+ name: IMAGE_REGISTRY + type: string + - default: '' + description: Current version of the application/image in dev. + name: CURRENT_GIT_TAG + type: string + results: + - description: Digest of the image just built. + name: IMAGE_DIGEST + steps: + - image: $(params.BUILDER_IMAGE) + name: build + resources: {} + env: + - name: WORKSPACE_BUILDAH_GIT_DEPENDENCY_TOKEN_BOUND + value: $(workspaces.buildah-git-dependency-token.bound) + script: > + + if [ "${WORKSPACE_BUILDAH_GIT_DEPENDENCY_TOKEN_BOUND}" = "true" ]; then + token=$(ls ../buildah-git-dependency-token/) + FILE=../buildah-git-dependency-token/$token + echo "$FILE exists." + GIT_DEPENDENCY_TOKEN=`cat $FILE` + else + echo "$FILE does not exist." + GIT_DEPENDENCY_TOKEN='' + fi + + buildah pull docker://$(params.IMAGE_REGISTRY):$(params.CURRENT_GIT_TAG) || Image_unavailable=$? + + if [[ $(params.BUILD_IMAGE) == true || $Image_unavailable != '' + ]]; then + buildah --storage-driver=$(params.STORAGE_DRIVER) bud \ + $(params.BUILD_EXTRA_ARGS)$GIT_DEPENDENCY_TOKEN --format=$(params.FORMAT) \ + --tls-verify=$(params.TLSVERIFY) --no-cache \ + -f $(params.DOCKERFILE) -t $(params.IMAGE) $(params.CONTEXT) + fi + + securityContext: + privileged: true + volumeMounts: + - mountPath: /var/lib/containers + name: varlibcontainers + workingDir: $(workspaces.source.path) + - image: $(params.BUILDER_IMAGE) + name: push + resources: {} + script: > + buildah pull + docker://$(params.IMAGE_REGISTRY):$(params.CURRENT_GIT_TAG)|| + Image_unavailable=$? 
+ + if [[ $(params.BUILD_IMAGE) == true || $Image_unavailable != '' + ]]; then + buildah --storage-driver=$(params.STORAGE_DRIVER) push \ + $(params.PUSH_EXTRA_ARGS) --tls-verify=$(params.TLSVERIFY) \ + --digestfile $(workspaces.source.path)/image-digest $(params.IMAGE) \ + docker://$(params.IMAGE) + else + buildah pull docker://$(params.IMAGE_REGISTRY):$(params.CURRENT_GIT_TAG) + buildah tag $(params.IMAGE_REGISTRY):$(params.CURRENT_GIT_TAG) $(params.IMAGE) + buildah --storage-driver=$(params.STORAGE_DRIVER) push \ + $(params.PUSH_EXTRA_ARGS) --tls-verify=$(params.TLSVERIFY) \ + $(params.IMAGE) docker://$(params.IMAGE) + fi + securityContext: + privileged: true + volumeMounts: + - mountPath: /var/lib/containers + name: varlibcontainers + workingDir: $(workspaces.source.path) + - image: $(params.BUILDER_IMAGE) + name: digest-to-results + resources: {} + script: >- + cat $(workspaces.source.path)/image-digest | tee + /tekton/results/IMAGE_DIGEST + volumes: + - emptyDir: {} + name: varlibcontainers + workspaces: + - name: source + - name: buildah-git-dependency-token + optional: true From 693439e5f7d7f12b7b520d5e80c8673c614ed1e1 Mon Sep 17 00:00:00 2001 From: AsfaMumtaz Date: Mon, 2 Oct 2023 14:57:12 +0500 Subject: [PATCH 09/22] Update render_task.yaml --- .github/workflows/render_task.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/render_task.yaml b/.github/workflows/render_task.yaml index 13504e2..fec0b99 100644 --- a/.github/workflows/render_task.yaml +++ b/.github/workflows/render_task.yaml @@ -22,6 +22,10 @@ concurrency: jobs: render_and_replace: runs-on: ubuntu-latest + strategy: + fail-fast: false # Set to false to retry the entire job even if one job fails + matrix: + retry-max: [1, 2, 3] steps: - name: Checkout Repository From c630b17849b480fddc96c99e7d94813f2d0c2589 Mon Sep 17 00:00:00 2001 
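Review bot: The `strategy` block added to `render_and_replace` in `.github/workflows/render_task.yaml` does not retry anything: a `matrix` with `retry-max: [1, 2, 3]` starts three copies of the job, and `fail-fast: false` only stops one failing copy from cancelling the others, so the inline comment is misleading. Each copy would render, commit and push the same chart, which makes a rejected push more likely unless the `concurrency` group above serialises them (its settings are outside the hunk). Dropping the four added lines and retrying only the pull-and-push inside the step, with a small bounded loop, gives the effect the comment describes. `retry-max` is also not referenced anywhere in the visible lines.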
From: AsfaMumtaz Date: Mon, 2 Oct 2023 14:57:49 +0500 Subject: [PATCH 10/22] Update clustertask.yaml --- stakater-buildah-as-user/helm/templates/clustertask.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/stakater-buildah-as-user/helm/templates/clustertask.yaml b/stakater-buildah-as-user/helm/templates/clustertask.yaml index 3482e56..cea596d 100644 --- a/stakater-buildah-as-user/helm/templates/clustertask.yaml +++ b/stakater-buildah-as-user/helm/templates/clustertask.yaml @@ -92,6 +92,7 @@ spec: --tls-verify=$(params.TLSVERIFY) --no-cache \ -f $(params.DOCKERFILE) -t $(params.IMAGE) $(params.CONTEXT) fi + securityContext: runAsUser: 1000 volumeMounts: From 3c5f5265756f4d10a78f19fd867b9af9e135fbc0 Mon Sep 17 00:00:00 2001 From: AsfaMumtaz Date: Mon, 2 Oct 2023 14:59:07 +0500 Subject: [PATCH 11/22] Update README.md --- stakater-buildah/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/stakater-buildah/README.md b/stakater-buildah/README.md index ed6e283..2ab4041 100644 --- a/stakater-buildah/README.md +++ b/stakater-buildah/README.md @@ -13,6 +13,7 @@ This tilt function allows a maximum of one parallel updates. This helps resource ### Create Clustertask + Installs Helm chart for clustertask that lives in `/helm` directory. ### Create Pipeline and PipelineRun @@ -49,4 +50,4 @@ This pipeline run also requires a service account named `pipeline-sa`. This serv ### Deleting dependencies: -`tilt down -f stakater-buildah/tests/Tiltfile-delete-clustertask` \ No newline at end of file +`tilt down -f stakater-buildah/tests/Tiltfile-delete-clustertask` From 39a658fa012572baec2b0e3fb219d88482be2235 Mon Sep 17 00:00:00 2001 From: stakater-user Date: Mon, 2 Oct 2023 10:00:44 +0000 Subject: [PATCH 12/22] [skip ci] Add rendered and modified Helm chart --- .../rendered/stakater-buildah-as-user-0.0.1.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/stakater-buildah-as-user/rendered/stakater-buildah-as-user-0.0.1.yaml b/stakater-buildah-as-user/rendered/stakater-buildah-as-user-0.0.1.yaml index 557711f..5be8ac5 100644 --- a/stakater-buildah-as-user/rendered/stakater-buildah-as-user-0.0.1.yaml +++ b/stakater-buildah-as-user/rendered/stakater-buildah-as-user-0.0.1.yaml @@ -74,7 +74,6 @@ spec: - name: WORKSPACE_BUILDAH_GIT_DEPENDENCY_TOKEN_BOUND value: $(workspaces.buildah-git-dependency-token.bound) script: | - echo "Running as USER ID `id`" if [ "${WORKSPACE_BUILDAH_GIT_DEPENDENCY_TOKEN_BOUND}" = "true" ]; then token=$(ls ../buildah-git-dependency-token/) @@ -95,6 +94,7 @@ spec: --tls-verify=$(params.TLSVERIFY) --no-cache \ -f $(params.DOCKERFILE) -t $(params.IMAGE) $(params.CONTEXT) fi + securityContext: runAsUser: 1000 volumeMounts: From 0a274baf04e21c3b70b61df8844bd65d64600045 Mon Sep 17 00:00:00 2001 From: AsfaMumtaz Date: Mon, 2 Oct 2023 15:03:45 +0500 Subject: [PATCH 13/22] Update clustertask.yaml --- stakater-buildah/helm/templates/clustertask.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/stakater-buildah/helm/templates/clustertask.yaml b/stakater-buildah/helm/templates/clustertask.yaml index f5b02d5..2a58eb8 100644 --- a/stakater-buildah/helm/templates/clustertask.yaml +++ b/stakater-buildah/helm/templates/clustertask.yaml @@ -11,7 +11,6 @@ spec: using its buildah bud command.This command executes the directives in the Dockerfile to assemble a container image, then pushes that image to a container registry. - params: - description: Reference of the image buildah will produce. name: IMAGE From f8b7078c41890707f11f02db42f046f4219396f5 Mon Sep 17 00:00:00 2001 From: AsfaMumtaz Date: Mon, 2 Oct 2023 15:04:38 +0500 Subject: [PATCH 14/22] Update clustertask.yaml --- stakater-buildah-as-user/helm/templates/clustertask.yaml | 1 - 1 file changed, 1 deletion(-) 
diff --git a/stakater-buildah-as-user/helm/templates/clustertask.yaml b/stakater-buildah-as-user/helm/templates/clustertask.yaml index cea596d..6780fd7 100644 --- a/stakater-buildah-as-user/helm/templates/clustertask.yaml +++ b/stakater-buildah-as-user/helm/templates/clustertask.yaml @@ -82,7 +82,6 @@ spec: echo "$FILE does not exist." GIT_DEPENDENCY_TOKEN='' fi - buildah pull docker://$(params.IMAGE_REGISTRY):$(params.CURRENT_GIT_TAG) || Image_unavailable=$? if [[ $(params.BUILD_IMAGE) == true || $Image_unavailable != '' From 709fc3ce7085382a3d3ac633e2fa334470b70cd3 Mon Sep 17 00:00:00 2001 From: stakater-user Date: Mon, 2 Oct 2023 10:05:37 +0000 Subject: [PATCH 15/22] [skip ci] Add rendered and modified Helm chart --- stakater-buildah/rendered/stakater-buildah-0.0.1.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/stakater-buildah/rendered/stakater-buildah-0.0.1.yaml b/stakater-buildah/rendered/stakater-buildah-0.0.1.yaml index 3ca8818..80de351 100644 --- a/stakater-buildah/rendered/stakater-buildah-0.0.1.yaml +++ b/stakater-buildah/rendered/stakater-buildah-0.0.1.yaml @@ -13,7 +13,6 @@ spec: using its buildah bud command.This command executes the directives in the Dockerfile to assemble a container image, then pushes that image to a container registry. - params: - description: Reference of the image buildah will produce. name: IMAGE From 340ac4ca0157b751b08e3fc5409b84022242a83e Mon Sep 17 00:00:00 2001 From: AsfaMumtaz Date: Mon, 2 Oct 2023 15:10:06 +0500 Subject: [PATCH 16/22] Update render_task.yaml --- .github/workflows/render_task.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/render_task.yaml b/.github/workflows/render_task.yaml index fec0b99..337a307 100644 --- a/.github/workflows/render_task.yaml +++ b/.github/workflows/render_task.yaml 
@@ -61,6 +61,7 @@ jobs: git config --global user.name "stakater-user" git add ${{ inputs.SUBPATH }}/rendered git commit -m "[skip ci] Add rendered and modified Helm chart" + git pull - name: Push changes From c0cedc493dd50490897aa9a428a220fdec9352ee Mon Sep 17 00:00:00 2001 From: AsfaMumtaz Date: Mon, 2 Oct 2023 15:12:17 +0500 Subject: [PATCH 17/22] Update clustertask.yaml --- stakater-buildah-as-user/helm/templates/clustertask.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/stakater-buildah-as-user/helm/templates/clustertask.yaml b/stakater-buildah-as-user/helm/templates/clustertask.yaml index 6780fd7..ed428b3 100644 --- a/stakater-buildah-as-user/helm/templates/clustertask.yaml +++ b/stakater-buildah-as-user/helm/templates/clustertask.yaml @@ -91,6 +91,7 @@ spec: --tls-verify=$(params.TLSVERIFY) --no-cache \ -f $(params.DOCKERFILE) -t $(params.IMAGE) $(params.CONTEXT) fi + securityContext: runAsUser: 1000 From 6fbe872ee28a25268bfaab56d887c70df3dc5c83 Mon Sep 17 00:00:00 2001 From: AsfaMumtaz Date: Mon, 2 Oct 2023 15:14:26 +0500 Subject: [PATCH 18/22] Update clustertask.yaml --- stakater-buildah/helm/templates/clustertask.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/stakater-buildah/helm/templates/clustertask.yaml b/stakater-buildah/helm/templates/clustertask.yaml index 2a58eb8..df39adc 100644 --- a/stakater-buildah/helm/templates/clustertask.yaml +++ b/stakater-buildah/helm/templates/clustertask.yaml @@ -83,7 +83,6 @@ spec: echo "$FILE does not exist." GIT_DEPENDENCY_TOKEN='' fi - buildah pull docker://$(params.IMAGE_REGISTRY):$(params.CURRENT_GIT_TAG) || Image_unavailable=$? if [[ $(params.BUILD_IMAGE) == true || $Image_unavailable != '' From 0395551ff63eb25dd2c3b2832b9bd528af41198c Mon Sep 17 00:00:00 2001 From: stakater-user Date: Mon, 2 Oct 2023 10:15:45 +0000 Subject: [PATCH 19/22] [skip ci] Add rendered and modified Helm chart --- .../rendered/stakater-buildah-as-user-0.0.1.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
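Review bot: The added `git pull` runs after `git commit` with no reconcile strategy, so when the remote branch has moved the step either records a merge commit under the bot identity or stops with git's divergent-branches error, depending on the runner's git version and configuration. Stating the intent, for example `git pull --rebase` in place of the bare `git pull`, keeps the rendered-chart commit linear on top of the remote before the Push changes step. The `run:` block starts above the hunk, so whether the checkout is on a branch with an upstream configured cannot be confirmed from here.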
diff --git a/stakater-buildah-as-user/rendered/stakater-buildah-as-user-0.0.1.yaml b/stakater-buildah-as-user/rendered/stakater-buildah-as-user-0.0.1.yaml index 5be8ac5..9d819c8 100644 --- a/stakater-buildah-as-user/rendered/stakater-buildah-as-user-0.0.1.yaml +++ b/stakater-buildah-as-user/rendered/stakater-buildah-as-user-0.0.1.yaml @@ -84,7 +84,6 @@ spec: echo "$FILE does not exist." GIT_DEPENDENCY_TOKEN='' fi - buildah pull docker://$(params.IMAGE_REGISTRY):$(params.CURRENT_GIT_TAG) || Image_unavailable=$? if [[ $(params.BUILD_IMAGE) == true || $Image_unavailable != '' @@ -94,6 +93,7 @@ spec: --tls-verify=$(params.TLSVERIFY) --no-cache \ -f $(params.DOCKERFILE) -t $(params.IMAGE) $(params.CONTEXT) fi + securityContext: runAsUser: 1000 From 046f3bbdc5e7ea5897bb244d9de5d9e85f4d4866 Mon Sep 17 00:00:00 2001 From: AsfaMumtaz Date: Thu, 5 Oct 2023 13:00:16 +0500 Subject: [PATCH 20/22] Update render_task.yaml --- .github/workflows/render_task.yaml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/.github/workflows/render_task.yaml b/.github/workflows/render_task.yaml index 337a307..11f2a66 100644 --- a/.github/workflows/render_task.yaml +++ b/.github/workflows/render_task.yaml 
@@ -53,10 +53,21 @@ jobs: run: | sed -i 's/ClusterTask/Task/g' ${{ inputs.SUBPATH }}/rendered/${{ inputs.SUBPATH }}-${{ inputs.NEXT_VERSION }}.yaml sed -i -E 's/${{ inputs.SUBPATH }}-[0-9]+\.[0-9]+\.[0-9]+/${{ inputs.SUBPATH }}-${{ inputs.NEXT_VERSION }}/g' ${{ inputs.SUBPATH }}/rendered/${{ inputs.SUBPATH }}-${{ inputs.NEXT_VERSION }}.yaml - + - name: Git pull + run: | + # Ensure you are on the correct branch + git checkout main # Replace "main" with your branch name + + # Fetch the latest changes from the remote repository + git fetch origin main:main + + # Merge the fetched changes into your local branch + git merge origin/main + + # Optionally, resolve any merge conflicts if needed + # git commit -m "Merge remote changes" -a - name: Commit Changes run: | - git pull git config --global user.email "stakater@gmail.com" git config --global user.name "stakater-user" git add ${{ inputs.SUBPATH }}/rendered From 60559f5136fc53961bae6568d8b1f24451e6a440 Mon Sep 17 00:00:00 2001 From: AsfaMumtaz Date: Thu, 5 Oct 2023 13:02:33 +0500 Subject: [PATCH 21/22] Update clustertask.yaml --- stakater-buildah-as-user/helm/templates/clustertask.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/stakater-buildah-as-user/helm/templates/clustertask.yaml b/stakater-buildah-as-user/helm/templates/clustertask.yaml index ed428b3..d6fdfdc 100644 --- a/stakater-buildah-as-user/helm/templates/clustertask.yaml +++ b/stakater-buildah-as-user/helm/templates/clustertask.yaml @@ -121,6 +121,7 @@ spec: $(params.PUSH_EXTRA_ARGS) --tls-verify=$(params.TLSVERIFY) \ $(params.IMAGE) docker://$(params.IMAGE) fi + securityContext: runAsUser: 1000 volumeMounts: From 6f20c3261b4d77ca7d7f715dc098c2686d814750 Mon Sep 17 00:00:00 2001 From: AsfaMumtaz Date: Thu, 5 Oct 2023 13:05:58 +0500 Subject: [PATCH 22/22] Update clustertask.yaml --- stakater-buildah/helm/templates/clustertask.yaml | 1 - 1 file changed, 1 deletion(-) 
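Review bot: In the new `Git pull` step, `git fetch origin main:main` runs right after `git checkout main`, and git by default refuses to fetch into the branch that is currently checked out, so the step is likely to fail before the merge is reached. A plain `git fetch origin main` followed by `git merge --ff-only origin/main` would do what the comments describe, and the leftover `# Replace "main" with your branch name` suggests the branch name is still a template placeholder that should be settled or derived from the workflow's ref. The step also runs after the `sed` edits and before `user.email`/`user.name` are configured, so a merge that is not a fast-forward would have no committer identity. Separately, the `sed` and `git add` lines expand `${{ inputs.SUBPATH }}` and `${{ inputs.NEXT_VERSION }}` directly into the shell script; if callers can supply untrusted values, passing them through `env:` and using quoted `"$SUBPATH"` keeps them from being parsed as shell. The Commit Changes step continues past the end of the hunk.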
diff --git a/stakater-buildah/helm/templates/clustertask.yaml b/stakater-buildah/helm/templates/clustertask.yaml index df39adc..f43adb9 100644 --- a/stakater-buildah/helm/templates/clustertask.yaml +++ b/stakater-buildah/helm/templates/clustertask.yaml @@ -92,7 +92,6 @@ spec: --tls-verify=$(params.TLSVERIFY) --no-cache \ -f $(params.DOCKERFILE) -t $(params.IMAGE) $(params.CONTEXT) fi - securityContext: privileged: true volumeMounts: